Wage Management System

Source: Internet
Author: User

Some time ago I was modifying the prototype of this system. When I first started working with it, I felt it had a lot of loopholes. First, the allocation of user permissions was unreasonable, and so was the database design, not to mention the bad habit of naming things in Chinese and the redundant code. However, my ability is limited, so I could only make one or two changes on top of it!!!

Here I list part of the content. I hope you can give me some advice...

First, the user permissions are divided into four levels, each belonging to its respective department. Thank you for designing the interface!!!

Looking back at this code, I am a little scared, because it was all modified step by step according to my own ideas, without any analysis at all.

Here is the code of one page. I hope you can give some suggestions on the data.

ASP.NET page code

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="verifyfujia.aspx.cs" Inherits="hzu.wqs.Web.verifyfujia" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

CS File Code

// Machine translation of this page lowercased identifiers and translated the
// original Chinese table and column names. Framework names are restored below;
// the casing of project names (namespaces, DbHelperSQL, AddInfo, control IDs) is
// assumed, and the bracketed SQL names are the translated names, not the real schema.
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Text;
using hzu.wqs.Web.config;
using hzu.dbutility;
using System.Globalization;

namespace hzu.wqs.Web
{
    public partial class verifyfujia : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Access to the page is gated on this session value being set.
            if (Session["Financial Management"] == null)
            {
                Response.Redirect("index.aspx");
            }
            if (!IsPostBack)
            {
                // Fill the department list.
                DataTable dt = DbHelperSQL.Query(
                    "select distinct [department] from [additional payroll]").Tables[0];
                foreach (DataRow dr in dt.Rows)
                {
                    ListItem li = new ListItem(dr["department"].ToString(), dr["department"].ToString());
                    ribu.Items.Add(li);
                }
                // Fill the "add department" list from the unaudited rows.
                DataTable dd = DbHelperSQL.Query(
                    "select distinct [add department] from [additional payroll] where [status] = 'unaudited'").Tables[0];
                foreach (DataRow dr in dd.Rows)
                {
                    ListItem li = new ListItem(dr["add department"].ToString(), dr["add department"].ToString());
                    zt.Items.Add(li);
                }
                dt.Dispose();
                gvDataBind();
            }
        }

        // Binds the grid to the unaudited rows, plus the filter kept in ViewState["wherestr"].
        private void gvDataBind()
        {
            DataSet dt1 = DbHelperSQL.Query(
                "select [personal information].[name], [additional payroll].* " +
                "from [additional payroll], [personal information] " +
                "where [additional payroll].[id] = [personal information].[number] " +
                "and [additional payroll].[status] = 'unaudited'" + ViewState["wherestr"]);
            gvsh.DataSource = dt1;
            gvsh.DataKeyNames = new string[] { "ID" };
            gvsh.DataBind();
        }

        protected void gvsh_SelectedIndexChanging(object sender, GridViewSelectEventArgs e)
        {
            gvsh.PageIndex = e.NewSelectedIndex;
            gvDataBind();
        }

        // "Delete" on a row marks the entry as denied.
        protected void gvsh_RowDeleting(object sender, GridViewDeleteEventArgs e)
        {
            try
            {
                string id = gvsh.DataKeys[e.RowIndex].Value.ToString();
                DbHelperSQL.ExecuteSql(
                    "update [additional payroll] set [status] = 'denied', [audit time] = '" +
                    DateTime.Now + "' where [id] = " + id);
                gvDataBind();
            }
            catch (Exception)
            {
                AddInfo.AddJsCode(this, "alert('System error!')");
            }
        }

        // "Update" on a row approves the entry and adds its amount to the monthly total.
        protected void gvsh_RowUpdating(object sender, GridViewUpdateEventArgs e)
        {
            try
            {
                string id = gvsh.DataKeys[e.RowIndex].Value.ToString();
                // "MM" is the month; lowercase "mm" would format minutes.
                string date = DateTime.Now.ToString("yyyy-MM", DateTimeFormatInfo.InvariantInfo);
                DateTime day = DateTime.Parse(date.ToString());
                DbHelperSQL.ExecuteSql(
                    "update [additional payroll] set [status] = 'pass', [audit time] = '" +
                    day + "' where [id] = " + id);
                // try
                // {
                object hh = DbHelperSQL.GetSingle(
                    "select [number] from [additional payroll] where [id] = '" + id + "'");
                // NOTE: there is no join condition between the two tables here, so
                // the amount comes from the first row the query happens to return.
                DataRow dr = DbHelperSQL.Query(
                    "select [personal information].*, [additional payroll].[amount] " +
                    "from [personal information], [additional payroll] " +
                    "where [personal information].[number] = '" + hh + "'").Tables[0].Rows[0];
                bool ree = DbHelperSQL.Exists(
                    "select [number] from [additional total salary] where [number] = '" +
                    dr["number"].ToString() + "' and [year month] = '" + day + "'");
                if (!ree)
                {
                    DbHelperSQL.ExecuteSql(
                        "insert into [additional total salary] ([number], [department], [total], [year month]) values ('" +
                        dr["number"].ToString() + "','" + dr["department"].ToString() + "','" +
                        dr["amount"].ToString() + "','" + day + "')");
                }
                else
                {
                    float chan = float.Parse(dr["amount"].ToString());
                    DbHelperSQL.ExecuteSql(
                        "update [additional total salary] set [total] = [total] + '" + chan +
                        "' where [number] = '" + dr["number"].ToString() + "'");
                }
                // }
                // catch (Exception ex)
                // {
                //     AddInfo.AddJsCode(this, "alert('" + ex + "')");
                // }
                gvDataBind();
            }
            catch (Exception)
            {
                AddInfo.AddJsCode(this, "alert('System error!')");
            }
        }

        protected void gvsh_PageIndexChanged(object sender, GridViewPageEventArgs e)
        {
            gvsh.PageIndex = e.NewPageIndex;
            gvDataBind();
        }

        // Approves every checked row.
        protected void Button1_Click1(object sender, EventArgs e)
        {
            try
            {
                for (int i = 0; i < gvsh.Rows.Count; i++)
                {
                    CheckBox chk = (CheckBox)gvsh.Rows[i].FindControl("check");
                    if (chk.Checked == true)
                    {
                        string strsql = "update [additional payroll] set [status] = 'pass', [audit time] = '" +
                            DateTime.Now + "' where [id] = '" + gvsh.DataKeys[i].Value + "'";
                        // NOTE: this runs an UPDATE through Exists(); ExecuteSql() is the
                        // helper this page uses for updates in the row handlers.
                        bool p_update = DbHelperSQL.Exists(strsql);
                        if (!p_update)
                        {
                            Response.Write("<SCRIPT> approval failed. Please try again! </SCRIPT>");
                        }
                    }
                }
                gvDataBind();
                checkpz.Checked = false;
            }
            catch (Exception)
            {
                AddInfo.AddJsCode(this, "alert('System error!')");
            }
        }

        // "Select all" checkbox: mirrors its state onto every row checkbox.
        protected void checkpz_CheckedChanged(object sender, EventArgs e)
        {
            for (int i = 0; i < gvsh.Rows.Count; i++)
            {
                CheckBox chk = (CheckBox)gvsh.Rows[i].FindControl("check");
                if (checkpz.Checked == true)
                {
                    chk.Checked = true;
                }
                else
                {
                    chk.Checked = false;
                }
            }
        }

        // Denies every checked row.
        protected void Button2_Click(object sender, EventArgs e)
        {
            try
            {
                for (int i = 0; i < gvsh.Rows.Count; i++)
                {
                    CheckBox chk = (CheckBox)gvsh.Rows[i].FindControl("check");
                    if (chk.Checked == true)
                    {
                        string strsql = "update [additional payroll] set [status] = 'denied', [audit time] = '" +
                            DateTime.Now + "' where [id] = '" + gvsh.DataKeys[i].Value + "'";
                        // NOTE: same use of Exists() for an UPDATE as in Button1_Click1.
                        bool p_update = DbHelperSQL.Exists(strsql);
                        if (!p_update)
                        {
                            Response.Write("<SCRIPT> rejection failed. Please try again! </SCRIPT>");
                        }
                    }
                }
                gvDataBind();
                checkpz.Checked = false;
            }
            catch (Exception)
            {
                AddInfo.AddJsCode(this, "alert('System error!')");
            }
        }

        // Search button: builds the extra filter and rebinds the grid.
        protected void btnree_Click(object sender, EventArgs e)
        {
            ViewState["wherestr"] = "";
            ViewState["wherestr1"] = "";
            string dep = ribu.SelectedValue;
            string name = sname.Text;
            string state = zt.SelectedValue;
            string sqlstr =
                "select [additional payroll].*, [personal information].[name] " +
                "from [additional payroll], [personal information] " +
                "where [additional payroll].[id] = [personal information].[number] " +
                "and [additional payroll].[status] = 'unaudited'";
            // NOTE: the values below, including the free-text name, are concatenated
            // straight into the SQL text; this is an SQL injection risk and should be
            // a parameterized query.
            if (dep != "")
                ViewState["wherestr"] = ViewState["wherestr"] + " and [additional payroll].[department] = '" + dep + "'";
            if (name != "")
                ViewState["wherestr"] = ViewState["wherestr"] + " and [personal information].[name] = '" + name + "'";
            if (state != "")
                ViewState["wherestr"] = ViewState["wherestr"] + " and [additional payroll].[add department] = '" + state + "'";
            DataSet ds = DbHelperSQL.Query(sqlstr + ViewState["wherestr"] + ViewState["wherestr1"]);
            gvsh.DataSource = ds;
            gvsh.DataBind();
        }
    }
}
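The search-button handler at the end of the code-behind above builds its WHERE clause by concatenating the list selections and the name text box into the SQL string. As an added example (not the author's or the project's code), here is the same filter built with ADO.NET parameters; the bracketed table and column names are the translated names from this page and stand in for the real schema, and `AuditFilter`, `Build` and `AddFilter` are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

// Added example. Schema names are the translated ones from the page (assumed).
public static class AuditFilter
{
    const string BaseSql =
        "SELECT p.[name], a.* FROM [additional payroll] a " +
        "JOIN [personal information] p ON a.[id] = p.[number] " +
        "WHERE a.[status] = @status";

    // Builds the search command; every caller-supplied value becomes a parameter.
    public static SqlCommand Build(string department, string name, string addDepartment)
    {
        var cmd = new SqlCommand();
        var sql = new StringBuilder(BaseSql);
        cmd.Parameters.Add("@status", SqlDbType.NVarChar, 20).Value = "unaudited";

        AddFilter(cmd, sql, "a.[department]", "@dep", department);
        AddFilter(cmd, sql, "p.[name]", "@name", name);
        AddFilter(cmd, sql, "a.[add department]", "@addDep", addDepartment);

        cmd.CommandText = sql.ToString();
        return cmd;
    }

    // Column and parameter names are fixed literals chosen by the code above;
    // only the value comes from the user, and it never enters the SQL text.
    static void AddFilter(SqlCommand cmd, StringBuilder sql,
                          string column, string param, string value)
    {
        if (string.IsNullOrEmpty(value)) return;   // empty filter: no clause added
        sql.Append(" AND ").Append(column).Append(" = ").Append(param);
        cmd.Parameters.Add(param, SqlDbType.NVarChar, 50).Value = value;
    }

    public static void Main()
    {
        // Constructed input: a name containing a quote stays data, not SQL.
        SqlCommand cmd = Build("Finance", "O'Brien", "");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

On the page itself, keep the three selected values rather than SQL text in ViewState and call `Build` again on each rebind. Attach a `SqlConnection` to the returned command before executing it.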

1. This page is the salary review page. I have not analyzed whether it is reasonable to update the salary status in the same data table, but there is no need to create another data table to store this information.

2. There are too many statements for data query, insertion, and modification in the code-behind, and database operations are performed repeatedly, which reduces the speed of data loading and running. I have not learned how to use LINQ to SQL, so I am not very familiar with the OO data processing method. Therefore, on this basis, I can only sacrifice efficiency to get everything done. Sin...

3. The lifecycle of the page. Because my understanding of the order of the events raised while the page is output, and of their roles, was vague, the initial data binding was placed inside the if statement. As a result, during multiple audits the page did not refresh automatically and its content did not change, although the data had already been submitted to the database for processing. The problem was solved only after the instructor guided me to try; from this point, it can be seen that my concept of events is vague. Sin...

4. User logon is classified into four levels. Although the password is encrypted using MD5, the logon process does not use cookies to store any user information; because only the session is used for this purpose, it seems that the pressure on the server is increased. Even leaving this aside for the time being, I always feel that the security is low. Whether a page can be opened is determined by the session value. This blank area of network security makes me feel overwhelmed.

It can be said that there are still many problems; one step at a time!!!
